61 matches found
@fastify/express Security Vulnerability
@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express 4.0.4 and earlier contain security vulnerabilities. These vulnerabilities arise from failing to normalize URLs before passing them to Express middleware when the Fastify router normalization option is...
CVE-2026-20417
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-51...
Linux Distros Unpatched Vulnerability : CVE-2024-9266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impact...
Linux Distros Unpatched Vulnerability : CVE-2024-10491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data i...
CVE-2024-51999
...
EUVD-2021-2220
Malware in sbrugna...
EUVD-2005-4005
Malware in sbrugna...
EUVD-2002-0282
Malware in sbrugna...
EUVD-2022-1103
Malicious code in bioql PyPI...
EUVD-2024-3174
Malicious code in bioql PyPI...
CVE-2025-27361
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through = 0.3.2...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
CVE-2005-3287
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache director...
@akrc/fnpm (=1.13.1), @buttery/studio (>=0.2.3 <=0.3.1) +58 more potentially affected by CVE-2025-31137 via @react-router/express (>=7.0.0 <=7.4.1-pre.0)
@react-router/express NPM version =7.0.0, =0.2.3, =0.1.0, =0.3.1, =0.0.13, =1.0.0, =0.0.0-semantically-released, =1.0.1, =6.0.0-canary-001, =6.0.0-canary-001, =6.0.0-canary-001, =0.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2025-31137 Source advisory: OSV:GHSA-4Q56-CRQP-V477...
express: Improper Input Handling in Express Redirects
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect, even if the input is sanitized...
PT-2024-16314 · Express +1 · Express +1
Name of the Vulnerable Software and Affected Versions: Express affected versions not specified Description: A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @alesmenzel/express.io (=2.0.0) +1030 more potentially affected by CVE-2024-9266 via express (>=3.4.5 <=3.9.0)
express NPM version =3.4.5, =0.0.1, =0.25.0, =1.0.4, =0.0.1, =1.5.0, =1.1.13, =1.4.5, =1.5.0, =1.6.0 - @gaia-cli-dev/log =1.5.3 - @gaia-cli-dev/npm-get-info =1.5.3 and more Source cves: CVE-2024-9266 Source advisory: OSV:GHSA-JJ78-5FMV-MV28...
Express.js Security Vulnerability
Express.js is a fast, unopinionated, minimalist web framework for Node.js, open sourced by expressjs. A security vulnerability exists in Express.js versions from 3.4.5 up to, but not including, 4.0.0, which stems from URL redirection to an untrusted site...
@coder/code-server-pr (>=0.0.0-5720-b0b6a997d711d1596cd75597cb51aefe64be150e <=4.8.3-5762-deebf96f942f25d874570d654b2baa91e77c5967), @daiyu-5577/quickbuild (>=1.2.1 <=2.6.8) +33 more potentially affected by CVE-2024-43796 via express (>=5.0.0-alpha.2 <=5.0.0-beta.3)
express NPM version =5.0.0-alpha.2, =0.0.0-5720-b0b6a997d711d1596cd75597cb51aefe64be150e, =1.2.1, =3.0.0, =3.0.0, =3.0.3, =4.2.0, =0.2.0, =0.0.1, =0.1.0, =0.55.1, =2.0.0-2, =2.0.0-1, =0.5.9, =0.0.13-12a6a820047e3132ee61831695cef6c364501b06, =4.0.2-4925-8b6a45f5d4ee7831398049b4716df775a3f16f2e,...
01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +15731 more potentially affected by CVE-2024-43796 via express (>=1.0.0 <=4.1.2)
express NPM version =1.0.0, =1.0.0, =0.0.1, =1.0.3, =0.2.0, =1.0.2, =1.0.0, =2.0.0, =0.2.0, =0.0.1, =0.1.6 and more Source cves: CVE-2024-43796 Source advisory: OSV:GHSA-QW6H-VGH9-J6WX...